$Id: socks-extensions.txt 12253 2007-10-28 18:29:29Z nickm $

Tor's extensions to the SOCKS protocol

1. Overview

The SOCKS protocol provides a generic interface for TCP proxies. Client
software connects to a SOCKS server via TCP, and requests a TCP connection
to another address and port. The SOCKS server establishes the connection,
and reports success or failure to the client. After the connection has
been established, the client application uses the TCP stream as usual.

Tor supports SOCKS4 as defined in [1], SOCKS4A as defined in [2], and
SOCKS5 as defined in [3].

The stickiest issue for Tor in supporting clients, in practice, is forcing
DNS lookups to occur at the OR side: if clients do their own DNS lookup,
the DNS server can learn which addresses the client wants to reach.
SOCKS4 supports addressing by IPv4 address; SOCKS4A is a kludge on top of
SOCKS4 to allow addressing by hostname; SOCKS5 supports IPv4, IPv6, and
hostnames.

1.1. Extent of support

Tor supports the SOCKS4, SOCKS4A, and SOCKS5 standards, except as follows:

BOTH:
- The BIND command is not supported.

SOCKS4,4A:
- SOCKS4 usernames are ignored.

SOCKS5:
- The (SOCKS5) "UDP ASSOCIATE" command is not supported.
- IPv6 is not supported in CONNECT commands.
- Only the "NO AUTHENTICATION" (SOCKS5) authentication method [00] is
  supported.

2. Name lookup

As an extension to SOCKS4A and SOCKS5, Tor implements a new command value,
"RESOLVE" [F0]. When Tor receives a "RESOLVE" SOCKS command, it initiates
a remote lookup of the hostname provided as the target address in the SOCKS
request. The reply is either an error (if the address couldn't be
resolved) or a success response. In the case of success, the address is
stored in the portion of the SOCKS response reserved for remote IP address.

(We support RESOLVE in SOCKS4 too, even though it is unnecessary.)

For SOCKS5 only, we support reverse resolution with a new command value,
"RESOLVE_PTR" [F1]. In response to a "RESOLVE_PTR" SOCKS5 command with
an IPv4 address as its target, Tor attempts to find the canonical
hostname for that IPv4 record, and returns it in the "server bound
address" portion of the reply.

(This command was not supported before Tor 0.1.2.2-alpha.)

3. Other command extensions.

Tor 0.1.2.4-alpha added a new command value: "CONNECT_DIR" [F2].
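
The RESOLVE and RESOLVE_PTR messages from section 2, laid out as SOCKS5 bytes
(an added example, not code from Tor or from this document). The function
names, the zero port value and the sample replies are assumptions made for
illustration; the command values [F0], [F1] and method [00] are from the text.

```python
import ipaddress

GREETING = b"\x05\x01\x00"   # SOCKS5, one method offered: NO AUTHENTICATION [00]
CMD_RESOLVE = 0xF0           # Tor extension: forward lookup
CMD_RESOLVE_PTR = 0xF1       # Tor extension: reverse lookup, SOCKS5 only
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03   # address types from the SOCKS5 standard
PORT_UNUSED = b"\x00\x00"    # assumption: port is irrelevant to a lookup, send 0


def build_resolve(hostname: str) -> bytes:
    """SOCKS5 request asking the proxy to resolve `hostname` remotely."""
    name = hostname.encode("ascii")      # raises on non-ASCII names
    if not 1 <= len(name) <= 255:        # length must fit in one byte
        raise ValueError("hostname must be 1..255 bytes")
    return bytes([5, CMD_RESOLVE, 0, ATYP_DOMAIN, len(name)]) + name + PORT_UNUSED


def build_resolve_ptr(ipv4: str) -> bytes:
    """SOCKS5 request asking for the canonical hostname of an IPv4 address."""
    addr = ipaddress.IPv4Address(ipv4).packed
    return bytes([5, CMD_RESOLVE_PTR, 0, ATYP_IPV4]) + addr + PORT_UNUSED


def parse_reply(data: bytes) -> str:
    """Return the address or hostname carried in a SOCKS5 reply."""
    if len(data) < 5 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if rep != 0:                          # non-zero reply code: lookup failed
        raise LookupError(f"SOCKS5 reply code {rep:#04x}")
    if atyp == ATYP_IPV4:
        if len(data) < 10:
            raise ValueError("truncated IPv4 reply")
        return str(ipaddress.IPv4Address(data[4:8]))
    if atyp == ATYP_DOMAIN:
        n = data[4]
        if len(data) < 5 + n + 2:
            raise ValueError("truncated hostname reply")
        return data[5:5 + n].decode("ascii")
    raise ValueError(f"unexpected address type {atyp:#04x}")


if __name__ == "__main__":
    # Constructed sample reply, not captured from a real Tor client.
    print(build_resolve("example.com").hex())
    print(parse_reply(bytes.fromhex("05000001c00002070000")))
```

Because the hostname travels inside the SOCKS request, the client's own
resolver is never consulted, which is the DNS leak section 1 describes.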